You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently when trying to create new certificates I always get an error after the first step (selecting the domains to enable SSL for) of letsencrypt-auto. I get the following error:
Error: urn:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has invalid anti-replay nonce
This seems to be a new problem as the certificates I requested in the past did not fail like this.
Here is my logfile (with masked details):
# cat letsencrypt.log
2016-01-21 12:17:28,936:DEBUG:letsencrypt.cli:Root logging level set at 30
2016-01-21 12:17:28,936:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-01-21 12:17:28,936:DEBUG:letsencrypt.cli:letsencrypt version: 0.2.0
2016-01-21 12:17:28,936:DEBUG:letsencrypt.cli:Arguments: []
2016-01-21 12:17:28,936:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-01-21 12:17:28,939:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2016-01-21 12:17:29,321:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f1b6a9a1410>
Prep: True
2016-01-21 12:17:29,321:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f1b6a9a1410> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f1b6a9a1410>
2016-01-21 12:17:31,448:DEBUG:letsencrypt.cli:Picked account: <Account(--MASKED--)>
2016-01-21 12:17:31,448:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-01-21 12:17:31,452:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-01-21 12:17:31,701:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2016-01-21 12:17:31,703:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Date': 'Thu, 21 Jan 2016 12:17:28 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '--MASKED--'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-01-21 12:17:31,704:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Date': 'Thu, 21 Jan 2016 12:17:28 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '--MASKED--'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-01-21 12:17:31,860:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0017_key-letsencrypt.pem
2016-01-21 12:17:31,863:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0017_csr-letsencrypt.pem
2016-01-21 12:17:31,863:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0017_csr-letsencrypt.pem', data='--MASKED--', form='der'), domains: ['--MASKED--']
2016-01-21 12:17:31,863:DEBUG:root:Requesting fresh nonce
2016-01-21 12:17:31,863:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-01-21 12:17:31,864:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-01-21 12:17:31,886:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-01-21 12:17:31,887:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Date': 'Thu, 21 Jan 2016 12:17:28 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '--MASKED--'}. Content: ''
2016-01-21 12:17:31,887:DEBUG:acme.client:Storing nonce: '--MASKED--'
2016-01-21 12:17:31,888:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2016-01-21 12:17:31,888:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "--MASKED--"}, "resource": "new-authz"}
2016-01-21 12:17:31,889:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-01-21 12:17:31,891:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-01-21 12:17:31,891:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "--MASKED--"}}, "protected": "--MASKED--", "payload": "--MASKED--", "signature": "--MASKED--"}'}
2016-01-21 12:17:31,892:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-01-21 12:17:32,103:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 400 92
2016-01-21 12:17:32,105:DEBUG:root:Received <Response [400]>. Headers: {'Content-Length': '92', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Thu, 21 Jan 2016 12:17:28 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '--MASKED--'}. Content: '{"type":"urn:acme:error:badNonce","detail":"JWS has invalid anti-replay nonce","status":400}'
2016-01-21 12:17:32,105:DEBUG:acme.client:Storing nonce: '--MASKED--'
2016-01-21 12:17:32,105:DEBUG:acme.client:Received response <Response [400]> (headers: {'Content-Length': '92', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Thu, 21 Jan 2016 12:17:28 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '--MASKED--'}): '{"type":"urn:acme:error:badNonce","detail":"JWS has invalid anti-replay nonce","status":400}'
2016-01-21 12:17:32,106:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/home/ubuntu/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1398, in main
return args.func(args, config, plugins)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 559, in run
lineage = _auth_from_domains(le_client, config, domains)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 404, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
domain, self.account.regr.new_authzr_uri)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 215, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 195, in request_challenges
response = self.net.post(new_authzr_uri, new_authz)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 634, in post
return self._check_response(response, content_type=content_type)
File "/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 550, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has invalid anti-replay nonce
I hope that is helpful somwhow.
Thanks a lot in advance!
The text was updated successfully, but these errors were encountered:
@jonathan-reisdorf, to be safe, you can add --staging on the command line which will run letsencrypt against a test server with different and much more lenient rate limits.
Currently when trying to create new certificates I always get an error after the first step (selecting the domains to enable SSL for) of letsencrypt-auto. I get the following error:
Error: urn:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has invalid anti-replay nonce
This seems to be a new problem as the certificates I requested in the past did not fail like this.
Here is my logfile (with masked details):
I hope that is helpful somwhow.
Thanks a lot in advance!
The text was updated successfully, but these errors were encountered: